nginx 0day exploit for nginx + fastcgi PHP
Grzegorz Sienko
staff at krecio.pl
Sat May 22 05:17:59 MSD 2010
>From php.ini
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME,
and to not grok
; what PATH_INFO is. For more information on PATH_INFO, see the cgi
specs. Setting
; this to 1 will cause PHP CGI to fix it's paths to conform to the
spec. A setting
; of zero causes PHP to behave as before. Default is 1. You should
fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
cgi.fix_pathinfo=1
2010/5/22 Cliff Wells <cliff at develix.com>:
> On Fri, 2010-05-21 at 10:48 -0700, Michael Shadle wrote:
>> Default is zero.
>
> Indeed.
>
> I can't find a single installation of PHP (amongst about 35 virtual
> servers I checked) where this option isn't commented out (so defaulting
> to 0).
>
> Is there some widely-used PHP application that requires this be on?
>
> Cliff
>
> --
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
>
More information about the nginx
mailing list